Faisal Gill, a longtime Republican Party operative and one-time candidate for public office who held a top-secret security clearance and served in the Department of Homeland Security under President George W. Bush;

Asim Ghafoor, a prominent attorney who has represented clients in terrorism-related cases;

Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University;

Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights;

Nihad Awad, the executive director of the Council on American-Islamic Relations (CAIR), the largest Muslim civil rights organization in the country.

This certainly harkens back to the days of spying on Martin Luther King and other human rights activists -- the kind of thing that was supposed to have stopped decades ago. In fact, the driving reason for setting up the FISA Court was to prevent this kind of thing. As Greenwald's report notes, these individuals were on a list of folks who the DOJ had convinced the FISA Court that there was "probable cause" were engaged in terrorism.

The individuals appear on an NSA spreadsheet in the Snowden archives called “FISA recap”—short for the Foreign Intelligence Surveillance Act. Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to believe that American targets are not only agents of an international terrorist organization or other foreign power, but also “are or may be” engaged in or abetting espionage, sabotage, or terrorism. The authorizations must be renewed by the court, usually every 90 days for U.S. citizens.

The spreadsheet shows 7,485 email addresses listed as monitored between 2002 and 2008. Many of the email addresses on the list appear to belong to foreigners whom the government believes are linked to Al Qaeda, Hamas, and Hezbollah. Among the Americans on the list are individuals long accused of terrorist activity, including Anwar al-Awlaki and Samir Khan, who were killed in a 2011 drone strike in Yemen.

But a three-month investigation by The Intercept—including interviews with more than a dozen current and former federal law enforcement officials involved in the FISA process—reveals that in practice, the system for authorizing NSA surveillance affords the government wide latitude in spying on U.S. citizens.

Reading through the report, it becomes quite clear that the main reason these individuals on the list is solely because they're Muslim. Of every lawyer who has helped represent defendants in terrorism-related cases, the only one on this list just happens to be Muslim. As the article reminds us, a few years back, Spencer Ackerman did some great reporting, revealing how the FBI was being trained to believe all Muslims were "violent" and "radical" and the impact of that ridiculous training appears to be clear in what this latest report finds. Perhaps the most chilling example of this anti-Muslim attitude is found in a training document revealed in this new report, showing intelligence community members how to "identify" targets for the FISA court. The "placeholder" name says it all:

Later in the report, the government tries to deny that there was a FISA Court order concerning at least one of the individuals listed above, even though they were in the spreadsheet. But that level of confusion only suggests that the process is even more of a mess. Whether or not this complied with the law is a distraction. The law shouldn't allow this kind of thing.

A former Justice Department official involved in FISA policy in the Obama Administration says the process contains too many internal checks and balances to serve as a rubber stamp on surveillance of Americans. But the former official, who was granted anonymity to speak candidly about FISA matters, acknowledges that there are significant problems with the process. Having no one present in court to contest the secret allegations can be an invitation to overreach. “There are serious weaknesses,” the former official says. “The lack of transparency and adversarial process—that’s a problem.”

Indeed, the government’s ability to monitor such high-profile Muslim-Americans—with or without warrants—suggests that the most alarming and invasive aspects of the NSA’s surveillance occur not because the agency breaks the law, but because it is able to exploit the law’s permissive contours. “The scandal is what Congress has made legal,” says Jameel Jaffer, an ACLU deputy legal director. “The claim that the intelligence agencies are complying with the laws is just a distraction from more urgent questions relating to the breadth of the laws themselves.”

Much of the rest of the story involves a detailed look at the men listed above, all of which is worth reading, demonstrating just how ridiculous it was to be spying on their communications. The video of Faisal Gill is really worth watching:

from the try-that-again? dept

Benjamin Wittes of the Brooking Institution has become the go-to non-government NSA apologist. One of his most recent articles is a true work of rhetorical artistry, in which he tries to explain why saying "the NSA doesn't spy on Americans" is acceptable shorthand for the fact that the NSA spies on pretty much every American. It's a master class in political doubletalk. First, it's the law's fault. The law, you see, is too complicated for mere mortals not working for the NSA to understand, so that makes it okay to lie:

The law is so dense and so complicated that it cannot be accurately summarized at a level a citizen can reasonably process.

Any effort to summarize the relevant law necessarily ignores themes sufficiently important to its architecture that the reductionism will partake of serious inaccuracy. The person who told my friend that NSA does not spy on Americans was not lying. He or she was highlighting a crucially-important limitation on NSA’s authority vis a vis US persons. The law and the relevant regulations all contain significant territorial restrictions and significant protections for US persons overseas as well—all designed to separate the foreign intelligence mission of NSA from both domestic intelligence and domestic law enforcement. It’s a sincere and pervasive effort. “We don’t spy on Americans” is a common shorthand for a wealth of law and practice that really and meaningfully keeps the agency out of the business of being a covert domestic intelligence agency.

Got that? Because there are some limitations on all the spying they do on Americans, and it's too complicated to understand those limitations, so it's okay to lie and say they don't spy on Americans. Of course, in the very next paragraph, Wittes tries to effectively brush away the massive amount of surveillance done on Americans.

NSA, after all, does spy on individual Americans with an order from the FISC. It does, moreover, capture all domestic telephony metadata. And most importantly, it does routinely capture communications between Americans and the targets of its surveillance and incidentally capture other material its systems scoop up overseas—subject to rules that limit the retention and processing of US person information. In other words, to say that NSA does not spy on Americans emphatically does not mean, as a reasonable student or citizen might expect it to mean, that the agency does not regularly acquire and process the communications of Americans.

Of course, as Jameel Jaffer from the ACLU points out, this is all nonsense because it's a simple fact that the NSA does do surveillance on Americans, and to claim otherwise is not acceptable shorthand. It's a lie. And while Wittes then tries to obfuscate things even more by trying and purposely failing to come up with a concise way of summarizing what the NSA does, Jaffer helps out with a few workable suggestions:

This is nonsense. Perhaps Ben’s right that it’s difficult to come up with a single sentence, or even a single paragraph, that clearly and comprehensively describes the nature and extent of the NSA’s surveillance of Americans. (Can you describe any federal agency’s functions in a single, comprehensive paragraph?) But it’s not difficult to come up with a sentence more accurate than “The NSA doesn’t spy on Americans.” Try this one: “The NSA spies on Americans.” Or this one: “The NSA collects a huge amount of information about Americans’ communications and in many contexts it collects the communications themselves.” Or this one: “The NSA is sometimes described as a foreign-intelligence agency but this label should not obscure the fact that a large part of the agency’s energy is dedicated to collecting and analyzing information about Americans.”

Jaffer further points out that Wittes's suggestion that those who claim the NSA doesn't spy on Americans are really trying to tell the truth through shorthand, is actually misleading. As Jaffer points out:

Any official who says the NSA isn’t spying on Americans is seeking to mislead.

And anyone defending that statement is trying to support that fundamental attempt to mislead.

from the pay-attention dept

By this point, it should be clear that when Senators Ron Wyden and Mark Udall ask questions to senior intelligence community officials in open hearings, it's not because they don't know the answers, but because they do, and they have information that they think should be public. Remember, of course, that, years ago, Wyden and Udall were clearly hinting at what Ed Snowden eventually revealed. So, during yesterday's hearing during which leaders from the intelligence community tried to pull their usual "be scared American people!" schtick, Wyden's and Udall's questions point to some potential mischief by the CIA. Both asked questions of CIA boss John Brennan concerning the legality of certain actions. It is unlikely that they did this because they were just curious. Wyden kicked it off by asking if the Computer Fraud and Abuse Act (CFAA) applied to the CIA:

Wyden: Does the federal Computer Fraud and Abuse Act apply to the CIA?

Brennan: I would have to look into what that act actually calls for and its applicability to CIA’s authorities. I’ll be happy to get back to you, Senator, on that.

Wyden: How long would that take?

Brennan: I’ll be happy to get back to you as soon as possible but certainly no longer than–

Wyden: A week?

Brennan: I think that I could get that back to you, yes.

Of course, we've written about the CFAA many times, and how the broadly (terribly) written law has been abused by law enforcement to go after all sorts of ordinary or reasonable computer activity. But Wyden is flipping this around in a slightly interesting way -- asking if the CFAA applies to the CIA. The answer, actually, is probably no, the CFAA doesn't apply to the CIA. If you look at 18 USC 1030(f) (which is part of the CFAA), it says:

This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.

It seems likely that the eventual answer from Brennan to Wyden will basically point to this particular language. But that's not particularly important, as the intent of the question likely had little to do with actually looking at the scope of the CFAA, but rather hinting very strongly that the CIA is hacking into computers in a manner that would violate the CFAA if it wasn't being done by law enforcement.

This was then followed up soon after with a question from Udall, again to Brennan, asking a slightly different question about the CIA's legal authority, which Brennan doesn't actually answer, instead answering a different question that wasn't asked:

Udall: I want to be able to reassure the American people that the CIA and the Director understand the limits of its authorities. We are all aware of Executive Order 12333. That order prohibits the CIA from engaging in domestic spying and searches of US citizens within our borders. Can you assure the Committee that the CIA does not conduct such domestic spying and searches?

Brennan: I can assure the Committee that the CIA follows the letter and spirit of the law in terms of what CIA’s authorities are, in terms of its responsibilities to collect intelligence that will keep this country safe. Yes Senator, I do.

Got that? He was asked "do you spy on Americans?" and the answer was "we follow the law." Considering that Wyden and Udall have been among the leading folks pointing out that the intelligence community has regularly reinterpreted the laws in secret in order to broaden their claimed authority, that answer is hardly assuring. Instead, it sure sounds like the CIA admitting that, hell yes, they spy on Americans under their twisted interpretation of the law. Combine that with Wyden's question -- which may or may not be about the same issue, but the two have often coordinated on these issues -- and it certainly hints at the idea that the CIA is hacking into Americans' computers.

Over the last few months, much of the focus has been on the NSA, but it's important to remember that the CIA actually is bigger in terms of its budget, and remains incredibly powerful and secretive. Also, over the last decade or so there appears to be significant evidence of incredible abuse by the CIA. As we've noted a few times, the Senate Intelligence Committee has been sitting on a supposedly explosive report that cost $40 million to put together, detailing some horrific CIA abuses, which the CIA has been doing everything possible to stop from being released.

Given all this, how long will it be until we discover "explosive" revelations about the CIA that confirm what Wyden and Udall have been hinting at?

from the because-why-the-fuck-not,-that's-why dept

"The Marina metadata application tracks a user's browser experience, gathers contact information/content and develops summaries of target," the analysts' guide explains. "This tool offers the ability to export the data in a variety of formats, as well as create various charts to assist in pattern-of-life development."

The guide goes on to explain Marina's unique capability: "Of the more distinguishing features, Marina has the ability to look back on the last 365 days' worth of DNI metadata seen by the Sigint collection system, regardless whether or not it was tasked for collection." [Emphasis in original.]

Note that this is different than the phone metadata that people have been talking about. This is "internet" metadata -- so browser history, contacts, etc. In other words, the kind of stuff that Dianne Feinstein accidentally admitted the US is scooping up by the boatloads by tapping the internet's backbone with help from US telcos.

The fact that they can look through it even if it hasn't been "tasked for collection" is pretty big. It again shows how the NSA keeps saying one thing (such as claiming they only keep data on people they're "targeting") is simply false. The NSA continues to redefine things. Information isn't "collected" until it's searched. And it's apparently not "stored" until it's moved into a different database than this one.

from the and-another-shoe-drops dept

And, here we go again. This time, it's the WSJ journal with the scoop on NSA surveillance, and how the defenders of the NSA have been lying to us. Despite claims that the NSA was really only focused on foreign communications, the WSJ is reporting that it actually covers 75% of US internet traffic:

The National Security Agency—which possesses only limited legal authority to spy on U.S. citizens—has built a surveillance network that covers more Americans' Internet communications than officials have publicly disclosed, current and former officials say.

The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans. In some cases, it retains the written content of emails sent between citizens within the U.S. and also filters domestic phone calls made with Internet technology, these people say.

Basically, they're just revealing more details about the things that whistleblower Mark Klein revealed years ago: that the NSA has deals with the major telcos which scoop up a huge amount of internet traffic.

The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies. Blarney, for instance, was established with AT&T Inc., former officials say. AT&T declined to comment.

This filtering takes place at more than a dozen locations at major Internet junctions in the U.S., officials say.

The WSJ report is wrong on one account, though. It claims that people believed that the NSA's filtering actually happened "where undersea or other foreign cables enter the country" but that's not true. Mark Klein made it clear that the NSA had machines directly on AT&T's property.

And, of course, it will come as no surprise that these programs that work directly with telcos to tap into full internet traffic aren't just about metadata:

...this set of programs shows the NSA has the capability to track almost anything that happens online, so long as it is covered by a broad court order.

[....] Inevitably, officials say, some U.S. Internet communications are scanned and intercepted, including both "metadata" about communications, such as the "to" and "from" lines in an email, and the contents of the communications themselves.

This also shouldn't be a surprise. For all the talk of "metadata" it was always clear that the surveillance defenders were talking about this program only, which was the Patriot Act Section 215 "business records" program. But other programs, such as these listed above, were clearly about actual content as well.

While the report does note that some "minimization" happens, there is clearly widespread ability to abuse. The system works by having the NSA telling the telcos to only send over certain traffic covering "certain areas of interest" which the NSA then "briefly copies" and decides what to keep and what to dump. Again, this is consistent with earlier reports of the NSA searching all emails that go into and out of the US.

The latest report is, again, replete with NSA doublespeak. It claims that it's not "accessing" all of this traffic, because it asks the telcos to do some of the filtering for it. That's how it gets away with talking about "things we actually touch," even though its deals with the telcos basically mean they can access almost everything.

The WSJ further reports that, while most of the requests are targeted towards foreign communications, there are times when it's quite clear that requests are likely to cover domestic communications. Some telcos apparently push back, causing "friction", while others seem to comply with no qualms, though there is no indication of which telcos fall into which camp.

The report further confirms that this program is considered "legal" by the administration thanks to a broad interpretation of the FISA Amendments Act, giving the NSA the power to snoop on people "reasonably believed" to be outside the US, rather than requiring "probable cause" that they were "an agent of a foreign power." Also, there's this:

NSA has discretion on setting its filters, and the system relies significantly on self-policing. This can result in improper collection that continues for years.

The report also claims that it was one of these "mistakes" that resulted in three years of illegal collections (much greater than the "few months" that were revealed in last week's Washington Post article).

And now we wait for another bunch of carefully worded statements from NSA defenders...

And then explains what to do about it. They're pretty clear that if you're directly targeting a US person, that's a problem (and it is, because that's illegal). If it's considered "inadvertent," then you also have to stop, write up an incident report and notify people. That sounds reasonable. But... then there's the "incidental" section. Here, incidental is described as:

You targeted a legitimate foreign entity and acquired information/communications to/from/about a U.S. Person in your results.

That doesn't seem particularly "incidental" to me. But, here's the kicker. While with all the other forms of collection the NSA is told to stop, when it's "incidental" they're told:

This does not constitute a USSID SP008 violation, so it does not have to be reported in the IG quarterly.

Note that the IG report is the one that was revealed, listing all of the abuses. Yet, here they seem to be indicating that these "incidental" collections of information (and note that it's not just "metadata" here, but full "communications" as well) aren't a real problem. They're told to "apply... minimization procedures" to limit the info on US persons, but we've already seen what a joke those minimization procedures can be.

As Gellman also notes in his report, it appears that the info collected "incidentally" here gets added to NSA databases and can be searched freely:

The NSA uses the term “incidental” when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, “does not constitute a . . . violation” and “does not have to be reported” to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.

Just last week, it was discussed that there's a "loophole" that, according to Senator Wyden, allows for "warrantless searches for the phone calls or emails of law-abiding Americans." Who knows if this is that particular loophole, but it does seem like a fairly large loop. Just say it's "incidental" and boom, search away.

Remember, the IG report also reveals that a "programming error" meant that a ton of phone calls placed from Washington DC were "intercepted" by the NSA (because someone typed in 202, DC's area code, instead of 20, Egypt's country code) -- and that mistake wasn't reported. That doesn't seem "incidental" to me.

Another example:

In dozens of cases, NSA personnel made careless use of the agency’s extraordinary powers, according to individual auditing reports. One team of analysts in Hawaii, for example, asked a system called DISHFIRE to find any communications that mentioned both the Swedish manufacturer Ericsson and “radio” or “radar” — a query that could just as easily have collected on people in the United States as on their Pakistani military target.

Think about that for a second. Any communication that mentions both Ericsson and "radio" or "radar." Just for the hell of it, I just did a search on my own email account for the terms "Ericsson" and "radio" and it came back with a ton of results, including 47 from just 2013. In just my mailbox. Many of those are from various wireless news letters or PR announcements, but still...

from the homeland-security? dept

We just recently had a post on the head of one of Homeland Security's "Fusion Centers" (the same Fusion Centers found by a Congressional investigation to be a near total waste of time and money, finding no terrorists, but violating the public's civil liberties) who claimed that the DHS centers did not spy on Americans, and then immediately admitted that they spied on "anti-government" Americans.

The definition of "anti-government" was mostly left as an exercise to the reader. However, in a bout of good timing, the Partnership for Civil Justice has released some new DHS documents it received via a Freedom of Information Act (FOIA) request, showing that DHS regularly spied on peaceful demonstrators and activists. Because exercising your First Amendment rights must make you one of them there "anti-government" Americans, which means the DHS is free to spy on you.

Functioning as a secret political police force against people participating in lawful, peaceful free speech activity, the heavily redacted documents show that the DHS “Threat Management Division” directed Regional Intelligence Analysts to provide a “Daily Intelligence Briefing” that includes a category of reporting on “Peaceful Activist Demonstrations” along with “Domestic Terrorist Activity.” (p. 68)

The PCJF has obtained thousands of pages of documents pursuant to its Freedom of Information Act demands and made them available for public viewing. The newly obtained documents show coordination and intelligence monitoring by the DHS, the FBI, the NYPD and other law enforcement agencies of “Occupy-type” protests.

The documents show the routine use of Fusion Centers for intelligence gathering on peaceful demonstrations as well as the use of DHS’ “Mega Centers” for collection of surveillance information on demonstrations.

And it's not just the big cities. The new documents show that DHS is involved in spying on peaceful protesters and activists around the country. It also shows that DHS helped local law enforcement "crack down" on the various Occupy gatherings. But the key thing is that DHS seems to have no qualms at all about spying on anyone who disagrees with the prevailing positions of today's federal government. And it's clearly not because they're trying to protect others from any threat of actual harm. They seem to be focused on spying to further the goal of preventing the administration from looking bad:

The documents show a Department of Homeland Security that appears obsessed with the question of whether any and all protests that are being surveilled receive media attention and coverage. Reporting within the DHS on media coverage of First Amendment protected activities, even in the smallest places, appears to be a routine part of DHS intelligence reports. None of the documents explain why media coverage of peaceful demonstrations is of interest to law enforcement or concerns “homeland security” in any way.

That's because it doesn't concern "homeland security" at all. It concerns the job security of those employed by Homeland Security.

from the shockingly-unshocking dept

Remember earlier this week when the NSA's boss Keith Alexander tried to shoot down reports that it was storing and datamining all sorts of communications info about Americans (despite a mandate that says the NSA can't spy on Americans?). Yeah. So then there's this news:

The Obama administration is moving to relax restrictions on how counterterrorism analysts may access, store and search information about Americans gathered by government agencies for purposes other than national security threats.

Attorney General Eric H. Holder Jr. on Thursday signed new guidelines for the National Counterterrorism Center, which was created in 2004 to foster intelligence sharing and to serve as a clearinghouse for terrorism threats.

The guidelines will lengthen to five years — from 180 days — the center’s ability to retain private information about Americans when there is no suspicion that they are tied to terrorism, intelligence officials said. The guidelines are also expected to result in the center making more copies of entire databases and “data-mining them” — using complex algorithms to search for patterns that could indicate a threat — than it currently does.

What's amazing is that these people still believe having access to so much info makes it easier to spot important data points, rather than hiding them deeper in the haystack. Having so much data is often useful in post hoc analysis, letting them go back and figure out who to blame, but there's little to suggest such widespread spying on Americans will be all that useful in actually preventing attacks.

Even if there are legitimate reasons for doing this, the idea that the data won't be widely abused is laughable:

They also said they had built safeguards into the system in to protect against misuse of the data, including audits to make sure that searches by government officials of the growing center-held databases would be done only for legitimate terrorism-related purposes.

Of course, we've seen how similar audits have worked in the past, where the DOJ has been regularly dinged for abusing such rights... and then nothing happens. The audits show wrongdoing, intelligence officials pinky swear that they won't do it again, and then they go right back to abusing the info.

from the must-be-fun-to-be-netflix-pr dept

Netflix PR people must be having quite a week. First, the company had to apologize for hiring actors to pretend to be excited Canadian customers to the press, and then CEO Reed Hastings made a really bad joke to a reporter, when asked if Americans would get upset about the fact that Netflix was cheaper in Canada. In response, Hastings called Americans self-absorbed and figured they wouldn't notice:

THR: American services when they enter the Canadian market typically charge the locals more than they charge stateside. Why the discount for Canadians?

Hastings: We want to provide an incredible value for Canadians, and it's the lowest price we have anywhere in the world for unlimited screenings. And anyone can try it for free for a month. It's pretty addictive.

THR: Are you concerned that American Netflix subscribers will look north and ask for the same discount Canadians get at $7.99?

Hastings: How much has it been your experience that Americans follow what happens in the world? It's something we'll monitor, but Americans are somewhat self-absorbed.

While it may have been true that most Americans wouldn't have noticed, making such a statement certainly called their attention to it... and so, off we go to yet another Netflix apology, where Hastings apologies for the "awkward joke" and talks about how great Americans are.